<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第132期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第132期）</strong></h5>
<blockquote> 2016/09/05-2016/09/11</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>G20网络安保新趋势：安全SaaS+MSS+TI成标配<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA5MDIwMjI4MQ==&amp;mid=2688641790&amp;idx=1&amp;sn=58d1cf18feadad6534f4510cbbde8ccb&amp;scene=1&amp;srcid=0908RQHeUiCctcddtiS7koej#rd">http://mp.weixin.qq.com/s?__biz=MzA5MDIwMjI4MQ==&amp;mid=2688641790&amp;idx=1&amp;sn=58d1cf18feadad6534f4510cbbde8ccb&amp;scene=1&amp;srcid=0908RQHeUiCctcddtiS7koej#rd</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>黑皮书：安全领域聚合性APP<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzIxODQxMjUwMw==&amp;mid=2247483670&amp;idx=1&amp;sn=203a952cd606ccae112389bde70bf4fd&amp;scene=1&amp;srcid=0901gJ98WuqsapStZlaMXWj8#rd">http://mp.weixin.qq.com/s?__biz=MzIxODQxMjUwMw==&amp;mid=2247483670&amp;idx=1&amp;sn=203a952cd606ccae112389bde70bf4fd&amp;scene=1&amp;srcid=0901gJ98WuqsapStZlaMXWj8#rd</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>成都一男子被骗数万元 曾多次核实骗子号码真伪<br><a target="_blank" href="http://cd.qq.com/a/20160909/008606.htm?pgv_ref=aio2015&amp;ptlang=2052">http://cd.qq.com/a/20160909/008606.htm?pgv_ref=aio2015&amp;ptlang=2052</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>FreeBuf专访百度安全实验室X-Team负责人黄正<br><a target="_blank" href="http://www.freebuf.com/articles/people/113223.html">http://www.freebuf.com/articles/people/113223.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>强推10+网络安全趋势厂商<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&amp;mid=2650824705&amp;idx=1&amp;sn=a4eace7749b80b8ebaeeb5d8ec111f6d&amp;scene=1&amp;srcid=0908z5RxVXls52bxYt9biPtm#rd">http://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&amp;mid=2650824705&amp;idx=1&amp;sn=a4eace7749b80b8ebaeeb5d8ec111f6d&amp;scene=1&amp;srcid=0908z5RxVXls52bxYt9biPtm#rd</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>创业路上所有的坑，都是必经的坑<br><a target="_blank" href="https://www.v2ex.com/t/305082#reply0">https://www.v2ex.com/t/305082#reply0</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>2017互联网校招，两个微妙的变化在发生<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/22218563?utm_campaign=official_account&amp;utm_source=weibo&amp;utm_medium=zhihu&amp;utm_content=zhuanlan">https://zhuanlan.zhihu.com/p/22218563?utm_campaign=official_account&amp;utm_source=weibo&amp;utm_medium=zhihu&amp;utm_content=zhuanlan</a></div><div class="single"><span id="tags">[爆库]&nbsp;&nbsp;</span>1亿明文口令泄露 俄罗斯搜索引擎Rambler.ru被黑<br><a target="_blank" href="http://www.aqniu.com/hack-geek/19449.html">http://www.aqniu.com/hack-geek/19449.html</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>Oui, La NSA hacked France in 2012<br><a target="_blank" href="https://medium.com/@msuiche/nsa-hacked-france-in-2012-414d8de4bdcf?swoff=true#.l4lkmqdaa">https://medium.com/@msuiche/nsa-hacked-france-in-2012-414d8de4bdcf?swoff=true#.l4lkmqdaa</a></div><div class="single"><span id="tags">[爆库]&nbsp;&nbsp;</span>俄罗斯即时通讯QIP.ru 3300万明文密码被盗<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655294340&amp;idx=5&amp;sn=5a2c7fff69ad957280eb35ef1de7c873">http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655294340&amp;idx=5&amp;sn=5a2c7fff69ad957280eb35ef1de7c873</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>陈奋的传奇：“安全狗”如何变成哮天犬？<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652875245&amp;idx=1&amp;sn=d22105ad8faf357f387b9e00f1652c24&amp;scene=0#rd">http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652875245&amp;idx=1&amp;sn=d22105ad8faf357f387b9e00f1652c24&amp;scene=0#rd</a></div><div class="single"><span id="tags">[爆库]&nbsp;&nbsp;</span>知名色情网站Brazzers 80万用户数据遭泄露<br><a target="_blank" href="http://www.freebuf.com/news/113904.html">http://www.freebuf.com/news/113904.html</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>美国政府任命首位首席信息安全官（CSO）：雷戈里·陶希尔<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5MzM3NjM4MA==&amp;mid=2654678262&amp;idx=8&amp;sn=0bd10bfc0ba99491d628830b99f54d7b&amp;scene=1&amp;srcid=0909dnYXbWfDMgKYzuBkOoWv#rd">http://mp.weixin.qq.com/s?__biz=MjM5MzM3NjM4MA==&amp;mid=2654678262&amp;idx=8&amp;sn=0bd10bfc0ba99491d628830b99f54d7b&amp;scene=1&amp;srcid=0909dnYXbWfDMgKYzuBkOoWv#rd</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>U.S. investigating potential covert Russian plan to disrupt November elections<br><a target="_blank" href="https://www.washingtonpost.com/world/national-security/intelligence-community-investigating-covert-russian-influence-operations-in-the-united-states/2016/09/04/aec27fa0-7156-11e6-8533-6b0b0ded0253_story.html">https://www.washingtonpost.com/world/national-security/intelligence-community-investigating-covert-russian-influence-operations-in-the-united-states/2016/09/04/aec27fa0-7156-11e6-8533-6b0b0ded0253_story.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Alleged vDOS Proprietors Arrested in Israel<br><a target="_blank" href="http://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/">http://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/</a></div><div class="single"><span id="tags">[法规]&nbsp;&nbsp;</span>美国网络安全领域军民融合的发展路径分析<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&amp;mid=2664107769&amp;idx=1&amp;sn=37f18fa11a9b5b3114a6d38640425413&amp;scene=1&amp;srcid=0906M1vlGDGFzRmu0EHJR9CG#rd">http://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&amp;mid=2664107769&amp;idx=1&amp;sn=37f18fa11a9b5b3114a6d38640425413&amp;scene=1&amp;srcid=0906M1vlGDGFzRmu0EHJR9CG#rd</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Black Hat Europe 2016  ARSENAL<br><a target="_blank" href="http://www.blackhat.com/eu-16/arsenal.html">http://www.blackhat.com/eu-16/arsenal.html</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>最新最全的KCon 2016 顶级黑客议题PPT<br><a target="_blank" href="http://bobao.360.cn/learning/detail/3006.html">http://bobao.360.cn/learning/detail/3006.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Kali Linux 2016.2初体验<br><a target="_blank" href="http://www.mottoin.com/88941.html">http://www.mottoin.com/88941.html</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>“百度杯”CTF Writeup 第一期<br><a target="_blank" href="https://www.ohlinge.cn/ctf/bctf001.html">https://www.ohlinge.cn/ctf/bctf001.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>OpenSCAP：安全防护和威胁扫描的开源工具<br><a target="_blank" href="https://www.open-scap.org/">https://www.open-scap.org/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>华为数据安全管理实践学习笔记<br><a target="_blank" href="http://www.lewisec.com/2016/09/05/%E5%8D%8E%E4%B8%BA%E6%95%B0%E6%8D%AE%E5%AE%89%E5%85%A8%E7%AE%A1%E7%90%86%E5%AE%9E%E8%B7%B5%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/">http://www.lewisec.com/2016/09/05/%E5%8D%8E%E4%B8%BA%E6%95%B0%E6%8D%AE%E5%AE%89%E5%85%A8%E7%AE%A1%E7%90%86%E5%AE%9E%E8%B7%B5%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>xcon2016:Advanced Exploitation Techniques: Breaking AV-Emulator<br><a target="_blank" href="http://www.vxjump.net/files/seccon/BAVE_xcon2016.pdf">http://www.vxjump.net/files/seccon/BAVE_xcon2016.pdf</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>KCon 2016 Slide<br><a target="_blank" href="https://github.com/knownsec/KCon/tree/master/2016">https://github.com/knownsec/KCon/tree/master/2016</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>web中各种命令注入的检测和利用二<br><a target="_blank" href="http://blog.csdn.net/qq_29277155/article/details/52420033">http://blog.csdn.net/qq_29277155/article/details/52420033</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>2016西安“华山杯” CTF WEB 部分Writeup<br><a target="_blank" href="https://www.ohlinge.cn/ctf/2016xdctf_writeup.html">https://www.ohlinge.cn/ctf/2016xdctf_writeup.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Centos安全配置(常见案例)<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&amp;mid=2247483860&amp;idx=1&amp;sn=25f992833fadcd093c02def9996d2f03&amp;scene=1&amp;srcid=0908L7UIWDTpqESCSUaaEsLv#rd">http://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&amp;mid=2247483860&amp;idx=1&amp;sn=25f992833fadcd093c02def9996d2f03&amp;scene=1&amp;srcid=0908L7UIWDTpqESCSUaaEsLv#rd</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android渗透测试实验环境搭建<br><a target="_blank" href="http://www.hackingarticles.in/build-android-penetration-testing-lab/">http://www.hackingarticles.in/build-android-penetration-testing-lab/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Exponent-cms任意文件上传漏洞分析 (cve-2016-7095)<br><a target="_blank" href="http://bobao.360.cn/learning/detail/3001.html">http://bobao.360.cn/learning/detail/3001.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>TLS1.3版本安全性分析<br><a target="_blank" href="https://www.int21.de/slides/berlinsec-versionintolerance/#/">https://www.int21.de/slides/berlinsec-versionintolerance/#/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>CISSP备考经验<br><a target="_blank" href="http://www.lewisec.com/2016/09/04/CISSP%E5%A4%87%E8%80%83%E7%BB%8F%E9%AA%8C/">http://www.lewisec.com/2016/09/04/CISSP%E5%A4%87%E8%80%83%E7%BB%8F%E9%AA%8C/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Fuzzing IOCTLs with angr<br><a target="_blank" href="http://thunderco.re/project/security/2016/07/18/fuzzing-ioctls/">http://thunderco.re/project/security/2016/07/18/fuzzing-ioctls/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>利用机器学习的方法保护非政府组织<br><a target="_blank" href="http://slides.com/eldraco/stratosphere-fsfe#/">http://slides.com/eldraco/stratosphere-fsfe#/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>方程式黑客组织工具集遭泄露事件分析 <br><a target="_blank" href="http://www.arkteam.net/?p=1137">http://www.arkteam.net/?p=1137</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Introducing nOBEX – a tool for testing Bluetooth phone and messaging profiles<br><a target="_blank" href="https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/september/introducing-nobex-a-tool-for-testing-bluetooth-phone-and-messaging-profiles/">https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/september/introducing-nobex-a-tool-for-testing-bluetooth-phone-and-messaging-profiles/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Fox-scan: 基于SQLMAP的主动和被动资源发现的漏洞扫描工具<br><a target="_blank" href="https://github.com/fengxuangit/Fox-scan/">https://github.com/fengxuangit/Fox-scan/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>DET – Data Exfiltration Toolkit<br><a target="_blank" href="https://github.com/sensepost/DET">https://github.com/sensepost/DET</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>cnki-downloader: 知网(CNKI)文献下载工具<br><a target="_blank" href="https://github.com/amyhaber/cnki-downloader">https://github.com/amyhaber/cnki-downloader</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>京东代码安全审计平台第一期建设思路<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5OTk2MTMxOQ==&amp;mid=2727827297&amp;idx=1&amp;sn=277c0178ebead359392018be205020ad&amp;scene=1">http://mp.weixin.qq.com/s?__biz=MjM5OTk2MTMxOQ==&amp;mid=2727827297&amp;idx=1&amp;sn=277c0178ebead359392018be205020ad&amp;scene=1</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>WiFi安全<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458279512&amp;idx=1&amp;sn=2bfbaff70e31bdd4f5f76977962b1943&amp;scene=1&amp;srcid=0906BFO0gYKwkb9aUj4COORC#rd">http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458279512&amp;idx=1&amp;sn=2bfbaff70e31bdd4f5f76977962b1943&amp;scene=1&amp;srcid=0906BFO0gYKwkb9aUj4COORC#rd</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>PEGASUS iOS 内核漏洞分析第二部分<br><a target="_blank" href="http://sektioneins.de/en/blog/16-09-05-pegasus-ios-kernel-vulnerability-explained-part-2.html">http://sektioneins.de/en/blog/16-09-05-pegasus-ios-kernel-vulnerability-explained-part-2.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>隐写技巧——在PE文件的数字证书中隐藏Payload<br><a target="_blank" href="http://www.mottoin.com/88915.html">http://www.mottoin.com/88915.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>分享一款失败的国产加密勒索软件<br><a target="_blank" href="http://blogs.360.cn/360safe/2016/09/07/failedransomeware/">http://blogs.360.cn/360safe/2016/09/07/failedransomeware/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>代码战争：伪装和狙杀——从“壳”到“病毒混淆器<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5Mjc3MDM2Mw==&amp;mid=2651132585&amp;idx=1&amp;sn=6e4daa40092d8abe79d98d43536c7a53&amp;scene=1">http://mp.weixin.qq.com/s?__biz=MjM5Mjc3MDM2Mw==&amp;mid=2651132585&amp;idx=1&amp;sn=6e4daa40092d8abe79d98d43536c7a53&amp;scene=1</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>常见的python漏洞分析<br><a target="_blank" href="https://access.redhat.com/blogs/766093/posts/2592591">https://access.redhat.com/blogs/766093/posts/2592591</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>中国互联网发展趋势报告2016<br><a target="_blank" href="http://m.analysys.cn/report/detail/1000234.html?from=timeline&amp;isappinstalled=0">http://m.analysys.cn/report/detail/1000234.html?from=timeline&amp;isappinstalled=0</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Penetration Testing tools 渗透测试相关工具<br><a target="_blank" href="https://github.com/Aptive/penetration-testing-tools">https://github.com/Aptive/penetration-testing-tools</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>美团外卖订单中心的演进<br><a target="_blank" href="http://tech.meituan.com/mt_waimai_order_evolution.html">http://tech.meituan.com/mt_waimai_order_evolution.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>机密文件曝光大量美国神秘监控设备（挂灯、垃圾桶、鸟巢）<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&amp;mid=2649712001&amp;idx=2&amp;sn=0b4e70486bfa95fc454e7f18d45320f8">http://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&amp;mid=2649712001&amp;idx=2&amp;sn=0b4e70486bfa95fc454e7f18d45320f8</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>捻乱止于河防——浅谈企业入侵防御体系建设<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA3MzYwNjQ3NA==&amp;mid=2651297130&amp;idx=1&amp;sn=bf6d7d50501fcd53e1ee59482b6c34a8&amp;scene=1&amp;srcid=09082u3vxpBbxif82QL5S45d#rd">http://mp.weixin.qq.com/s?__biz=MzA3MzYwNjQ3NA==&amp;mid=2651297130&amp;idx=1&amp;sn=bf6d7d50501fcd53e1ee59482b6c34a8&amp;scene=1&amp;srcid=09082u3vxpBbxif82QL5S45d#rd</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>DARPA网络超级挑战赛情况及思考 <br><a target="_blank" href="http://www.arkteam.net/?p=1095">http://www.arkteam.net/?p=1095</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>如何构造Office漏洞POC（以CVE-2012-0158为例）<br><a target="_blank" href="http://www.freebuf.com/articles/system/113945.html">http://www.freebuf.com/articles/system/113945.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>XSS Tricks - 从 SelfXSS 到登录你的账户<br><a target="_blank" href="http://www.n0tr00t.com/2016/09/07/Baidu-XSS-Tricks.html">http://www.n0tr00t.com/2016/09/07/Baidu-XSS-Tricks.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Github开源安全项目<br><a target="_blank" href="https://github.com/showcases/security?s=stars">https://github.com/showcases/security?s=stars</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Logcool：开源的集日志和事件的轻量级数据采集系统<br><a target="_blank" href="https://github.com/wgliang/logcool">https://github.com/wgliang/logcool</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Snagging creds from locked machines<br><a target="_blank" href="https://room362.com/post/2016/snagging-creds-from-locked-machines/">https://room362.com/post/2016/snagging-creds-from-locked-machines/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>HellRaiser: 基于端口的漏洞扫描及CVE标识<br><a target="_blank" href="https://github.com/m0nad/HellRaiser">https://github.com/m0nad/HellRaiser</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>对话东航：技术选型为何选择MongDB？<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5MDE0Mjc4MA==&amp;mid=2650994053&amp;idx=1&amp;sn=dfe7173d8c557aad90e2f01e291ffb69&amp;scene=1&amp;srcid=0909PEzc0QdKGz6AzwV2PR7g#rd">http://mp.weixin.qq.com/s?__biz=MjM5MDE0Mjc4MA==&amp;mid=2650994053&amp;idx=1&amp;sn=dfe7173d8c557aad90e2f01e291ffb69&amp;scene=1&amp;srcid=0909PEzc0QdKGz6AzwV2PR7g#rd</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Online Banking Vulnerabilities: Authorization Flaws Lead the Way<br><a target="_blank" href="http://blog.ptsecurity.com/2016/09/online-banking-vulnerabilities.html">http://blog.ptsecurity.com/2016/09/online-banking-vulnerabilities.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>browser_vuln_check: 快速检测Webview 和浏览器环境是否存在安全漏洞<br><a target="_blank" href="https://github.com/lcatro/browser_vuln_check">https://github.com/lcatro/browser_vuln_check</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>quicksand.io:Office document malware analysis<br><a target="_blank" href="https://quicksand.io/">https://quicksand.io/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>A list of Reverse Engineering articles, books, and papers<br><a target="_blank" href="https://github.com/onethawt/reverseengineering-reading-list">https://github.com/onethawt/reverseengineering-reading-list</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/132">SecWiki周刊(第132期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
